Re: [squid-users] HTTPS pass through

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 04 Jul 2011 23:24:27 +1200

On 04/07/11 23:03, Deniz Eren wrote:
> Hi;
>
> I want to pass https traffic through squid without processing it, only
> pass the traffic. I'm not interested in filtering or seeing the
> content. I won't use a proxy; the iptables rule below will redirect
> https traffic to squid.
>
> iptables -t nat -I PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.0.1:3128
>
> If I succeed at this I will work on an acl which uses SNI. I would
> appreciate it if you could give me ideas about SNI filtering too (the SNI I am
> talking about is different from the one implemented in squid, my only
> purpose is acl).
>
> http://en.wikipedia.org/wiki/Server_Name_Indication
>
> Good day to you..

Two points:
  1) Receiving HTTPS traffic involves processing it.

  2) Squid currently does not support NAT interception of any traffic
type except plain HTTP or ICY (when sent via port 80).

If you plan on doing code towards supporting SSL or SNI please get in
touch with squid-dev mailing list about it. The developers who recently
added SNI support to Squid may be working in that area still.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.9
Received on Mon Jul 04 2011 - 11:24:37 MDT
